Align recaptcha error codes with Android and make recaptcha config internal

common/api-review/auth.api.md

@@ -227,8 +227,14 @@ export const AuthErrorCodes: {
     readonly WEAK_PASSWORD: "auth/weak-password";
     readonly WEB_STORAGE_UNSUPPORTED: "auth/web-storage-unsupported";
     readonly ALREADY_INITIALIZED: "auth/already-initialized";
-    readonly RECAPTCHA_CHECK_FAILED: "auth/recaptcha-check-failed";
     readonly RECAPTCHA_NOT_ENABLED: "auth/recaptcha-not-enabled";
+    readonly MISSING_RECAPTCHA_TOKEN: "auth/missing-recaptcha-token";
+    readonly INVALID_RECAPTCHA_TOKEN: "auth/invalid-recaptcha-token";
+    readonly INVALID_RECAPTCHA_ACTION: "auth/invalid-recaptcha-action";
+    readonly MISSING_CLIENT_TYPE: "auth/missing-client-type";
+    readonly MISSING_RECAPTCHA_VERSION: "auth/missing-recaptcha-version";
+    readonly INVALID_RECAPTCHA_VERSION: "auth/invalid-recaptcha-version";
+    readonly INVALID_REQ_TYPE: "auth/invalid-req-type";
 };
 
 // @public
@@ -666,11 +672,6 @@ export function reauthenticateWithPopup(user: User, provider: AuthProvider, reso
 // @public
 export function reauthenticateWithRedirect(user: User, provider: AuthProvider, resolver?: PopupRedirectResolver): Promise<never>;
 
-// @public (undocumented)
-export interface RecaptchaConfig {
-    emailPasswordEnabled: boolean;
-}
-
 // @public
 export interface RecaptchaParameters {
     // (undocumented)

docs-devsite/auth.md

@@ -132,7 +132,6 @@ Firebase Authentication
 |  [PhoneSingleFactorInfoOptions](./auth.phonesinglefactorinfooptions.md#phonesinglefactorinfooptions_interface) | Options used for single-factor sign-in. |
 |  [PopupRedirectResolver](./auth.popupredirectresolver.md#popupredirectresolver_interface) | A resolver used for handling DOM specific operations like [signInWithPopup()](./auth.md#signinwithpopup) or [signInWithRedirect()](./auth.md#signinwithredirect)<!-- -->. |
 |  [ReactNativeAsyncStorage](./auth.reactnativeasyncstorage.md#reactnativeasyncstorage_interface) | Interface for a supplied <code>AsyncStorage</code>. |
-|  [RecaptchaConfig](./auth.recaptchaconfig.md#recaptchaconfig_interface) |  |
 |  [RecaptchaParameters](./auth.recaptchaparameters.md#recaptchaparameters_interface) | Interface representing reCAPTCHA parameters.<!-- -->See the \[reCAPTCHA docs\](https://developers.google.com/recaptcha/docs/display\#render\_param) for the list of accepted parameters. All parameters are accepted except for <code>sitekey</code>: Firebase Auth provisions a reCAPTCHA for each project and will configure the site key upon rendering.<!-- -->For an invisible reCAPTCHA, set the <code>size</code> key to <code>invisible</code>. |
 |  [TotpMultiFactorAssertion](./auth.totpmultifactorassertion.md#totpmultifactorassertion_interface) | The class for asserting ownership of a TOTP second factor. Provided by [TotpMultiFactorGenerator.assertionForEnrollment()](./auth.totpmultifactorgenerator.md#totpmultifactorgeneratorassertionforenrollment) and [TotpMultiFactorGenerator.assertionForSignIn()](./auth.totpmultifactorgenerator.md#totpmultifactorgeneratorassertionforsignin)<!-- -->. |
 |  [TotpMultiFactorInfo](./auth.totpmultifactorinfo.md#totpmultifactorinfo_interface) | The subclass of the [MultiFactorInfo](./auth.multifactorinfo.md#multifactorinfo_interface) interface for TOTP second factors. The <code>factorId</code> of this second factor is [FactorId](./auth.md#factorid)<!-- -->.TOTP. |
@@ -1827,8 +1826,14 @@ AUTH_ERROR_CODES_MAP_DO_NOT_USE_INTERNALLY: {
     readonly WEAK_PASSWORD: "auth/weak-password";
     readonly WEB_STORAGE_UNSUPPORTED: "auth/web-storage-unsupported";
     readonly ALREADY_INITIALIZED: "auth/already-initialized";
-    readonly RECAPTCHA_CHECK_FAILED: "auth/recaptcha-check-failed";
     readonly RECAPTCHA_NOT_ENABLED: "auth/recaptcha-not-enabled";
+    readonly MISSING_RECAPTCHA_TOKEN: "auth/missing-recaptcha-token";
+    readonly INVALID_RECAPTCHA_TOKEN: "auth/invalid-recaptcha-token";
+    readonly INVALID_RECAPTCHA_ACTION: "auth/invalid-recaptcha-action";
+    readonly MISSING_CLIENT_TYPE: "auth/missing-client-type";
+    readonly MISSING_RECAPTCHA_VERSION: "auth/missing-recaptcha-version";
+    readonly INVALID_RECAPTCHA_VERSION: "auth/invalid-recaptcha-version";
+    readonly INVALID_REQ_TYPE: "auth/invalid-req-type";
 }
 ```
 

packages/auth/src/api/authentication/recaptcha.ts

@@ -23,7 +23,7 @@ import {
   _performApiRequest,
   _addTidIfNecessary
 } from '../index';
-import { Auth, RecaptchaConfig } from '../../model/public_types';
+import { Auth } from '../../model/public_types';
 
 interface GetRecaptchaParamResponse {
   recaptchaSiteKey?: string;
@@ -47,9 +47,14 @@ interface GetRecaptchaConfigRequest {
   version?: RecaptchaVersion;
 }
 
-interface GetRecaptchaConfigResponse {
-  recaptchaKey?: string;
-  recaptchaConfig?: RecaptchaConfig;
+interface RecaptchaEnforcementState {
+  provider: string;
+  enforcementState: string;
+}
+
+export interface GetRecaptchaConfigResponse {
+  recaptchaKey: string;
+  recaptchaEnforcementState: RecaptchaEnforcementState[];
 }
 
 export async function getRecaptchaConfig(

packages/auth/src/api/errors.ts

@@ -91,16 +91,14 @@ export const enum ServerError {
   USER_DISABLED = 'USER_DISABLED',
   USER_NOT_FOUND = 'USER_NOT_FOUND',
   WEAK_PASSWORD = 'WEAK_PASSWORD',
-  INVALID_RECAPTCHA_SCORE = 'invalid-recaptcha-score',
+  RECAPTCHA_NOT_ENABLED = 'recaptcha-not-enabled',
   MISSING_RECAPTCHA_TOKEN = 'missing-recaptcha-token',
   INVALID_RECAPTCHA_TOKEN = 'invalid-recaptcha-token',
-  INVALID_RECAPTCHA_ACTION = 'invalide-recaptcha-action',
-  INVALID_RECAPTCHA_ENFORCEMENT_STATE = 'invalid-recaptcha-enforcement-state',
-  RECAPTCHA_NOT_ENABLED = 'recaptcha-not-enabled',
+  INVALID_RECAPTCHA_ACTION = 'invalid-recaptcha-action',
   MISSING_CLIENT_TYPE = 'missing-client-type',
   MISSING_RECAPTCHA_VERSION = 'missing-recaptcha-version',
-  INVALID_REQ_TYPE = 'invalid-req-type',
-  INVALID_RECAPTCHA_VERSION = 'invalid-recaptcha-version'
+  INVALID_RECAPTCHA_VERSION = 'invalid-recaptcha-version',
+  INVALID_REQ_TYPE = 'invalid-req-type'
 }
 
 /**
@@ -216,15 +214,15 @@ export const SERVER_ERROR_MAP: Partial<ServerErrorMap<ServerError>> = {
   [ServerError.BLOCKING_FUNCTION_ERROR_RESPONSE]: AuthErrorCode.INTERNAL_ERROR,
 
   // Recaptcha related errors.
-  [ServerError.INVALID_RECAPTCHA_SCORE]: AuthErrorCode.RECAPTCHA_CHECK_FAILED,
   [ServerError.RECAPTCHA_NOT_ENABLED]: AuthErrorCode.RECAPTCHA_NOT_ENABLED,
-  [ServerError.MISSING_RECAPTCHA_TOKEN]: AuthErrorCode.INTERNAL_ERROR,
-  [ServerError.INVALID_RECAPTCHA_TOKEN]: AuthErrorCode.INTERNAL_ERROR,
-  [ServerError.INVALID_RECAPTCHA_ACTION]: AuthErrorCode.INTERNAL_ERROR,
-  [ServerError.INVALID_RECAPTCHA_ENFORCEMENT_STATE]:
-    AuthErrorCode.INTERNAL_ERROR,
-  [ServerError.MISSING_CLIENT_TYPE]: AuthErrorCode.INTERNAL_ERROR,
-  [ServerError.MISSING_RECAPTCHA_VERSION]: AuthErrorCode.INTERNAL_ERROR,
-  [ServerError.INVALID_REQ_TYPE]: AuthErrorCode.INTERNAL_ERROR,
-  [ServerError.INVALID_RECAPTCHA_VERSION]: AuthErrorCode.INTERNAL_ERROR
+  [ServerError.MISSING_RECAPTCHA_TOKEN]: AuthErrorCode.MISSING_RECAPTCHA_TOKEN,
+  [ServerError.INVALID_RECAPTCHA_TOKEN]: AuthErrorCode.INVALID_RECAPTCHA_TOKEN,
+  [ServerError.INVALID_RECAPTCHA_ACTION]:
+    AuthErrorCode.INVALID_RECAPTCHA_ACTION,
+  [ServerError.MISSING_CLIENT_TYPE]: AuthErrorCode.MISSING_CLIENT_TYPE,
+  [ServerError.MISSING_RECAPTCHA_VERSION]:
+    AuthErrorCode.MISSING_RECAPTCHA_VERSION,
+  [ServerError.INVALID_RECAPTCHA_VERSION]:
+    AuthErrorCode.INVALID_RECAPTCHA_VERSION,
+  [ServerError.INVALID_REQ_TYPE]: AuthErrorCode.INVALID_REQ_TYPE
 };

packages/auth/src/core/auth/auth_impl.test.ts

@@ -661,9 +661,27 @@ describe('core/auth/auth_impl', () => {
     });
   });
 
-  context('recaptchaConfig', () => {
-    const configAgent = { emailPasswordEnabled: true };
-    const configTenant = { emailPasswordEnabled: false };
+  context('recaptchaEnforcementState', () => {
+    const recaptchaConfigResponseEnforce = {
+      recaptchaKey: 'foo/bar/to/site-key',
+      recaptchaEnforcementState: [
+        { provider: 'EMAIL_PASSWORD_PROVIDER', enforcementState: 'ENFORCE' }
+      ]
+    };
+    const recaptchaConfigResponseOff = {
+      recaptchaKey: 'foo/bar/to/site-key',
+      recaptchaEnforcementState: [
+        { provider: 'EMAIL_PASSWORD_PROVIDER', enforcementState: 'OFF' }
+      ]
+    };
+    const cachedRecaptchaConfigEnforce = {
+      emailPasswordEnabled: true,
+      siteKey: 'site-key'
+    };
+    const cachedRecaptchaConfigOFF = {
+      emailPasswordEnabled: false,
+      siteKey: 'site-key'
+    };
 
     beforeEach(async () => {
       mockFetch.setUp();
@@ -682,14 +700,11 @@ describe('core/auth/auth_impl', () => {
           clientType: RecaptchaClientType.WEB,
           version: RecaptchaVersion.ENTERPRISE
         },
-        {
-          recaptchaKey: 'site-key',
-          recaptchaConfig: configAgent
-        }
+        recaptchaConfigResponseEnforce
       );
       await auth.initializeRecaptchaConfig();
 
-      expect(auth._getRecaptchaConfig()).to.eql(configAgent);
+      expect(auth._getRecaptchaConfig()).to.eql(cachedRecaptchaConfigEnforce);
     });
 
     it('recaptcha config should be set for tenant if tenant id is not null.', async () => {
@@ -702,14 +717,11 @@ describe('core/auth/auth_impl', () => {
           version: RecaptchaVersion.ENTERPRISE,
           tenantId: 'tenant-id'
         },
-        {
-          recaptchaKey: 'site-key',
-          recaptchaConfig: configTenant
-        }
+        recaptchaConfigResponseOff
       );
       await auth.initializeRecaptchaConfig();
 
-      expect(auth._getRecaptchaConfig()).to.eql(configTenant);
+      expect(auth._getRecaptchaConfig()).to.eql(cachedRecaptchaConfigOFF);
     });
 
     it('recaptcha config should dynamically switch if tenant id switches.', async () => {
@@ -721,10 +733,7 @@ describe('core/auth/auth_impl', () => {
           clientType: RecaptchaClientType.WEB,
           version: RecaptchaVersion.ENTERPRISE
         },
-        {
-          recaptchaKey: 'site-key',
-          recaptchaConfig: configAgent
-        }
+        recaptchaConfigResponseEnforce
       );
       await auth.initializeRecaptchaConfig();
       auth.tenantId = 'tenant-id';
@@ -735,17 +744,14 @@ describe('core/auth/auth_impl', () => {
           version: RecaptchaVersion.ENTERPRISE,
           tenantId: 'tenant-id'
         },
-        {
-          recaptchaKey: 'site-key',
-          recaptchaConfig: configTenant
-        }
+        recaptchaConfigResponseOff
       );
       await auth.initializeRecaptchaConfig();
 
       auth.tenantId = null;
-      expect(auth._getRecaptchaConfig()).to.eql(configAgent);
+      expect(auth._getRecaptchaConfig()).to.eql(cachedRecaptchaConfigEnforce);
       auth.tenantId = 'tenant-id';
-      expect(auth._getRecaptchaConfig()).to.eql(configTenant);
+      expect(auth._getRecaptchaConfig()).to.eql(cachedRecaptchaConfigOFF);
     });
   });
 });

packages/auth/src/core/auth/auth_impl.ts

@@ -22,7 +22,6 @@ import {
   AuthErrorMap,
   AuthSettings,
   EmulatorConfig,
-  RecaptchaConfig,
   NextOrObserver,
   Persistence,
   PopupRedirectResolver,
@@ -65,6 +64,7 @@ import { HttpHeader, RecaptchaClientType, RecaptchaVersion } from '../../api';
 import { getRecaptchaConfig } from '../../api/authentication/recaptcha';
 import { RecaptchaEnterpriseVerifier } from '../../platform_browser/recaptcha/recaptcha_enterprise_verifier';
 import { AuthMiddlewareQueue } from './middleware';
+import { RecaptchaConfig } from '../../platform_browser/recaptcha/recaptcha';
 
 interface AsyncAction {
   (): Promise<void>;
@@ -397,16 +397,14 @@ export class AuthImpl implements AuthInternal, _FirebaseService {
       clientType: RecaptchaClientType.WEB,
       version: RecaptchaVersion.ENTERPRISE
     });
-    // TODO(chuanr): Confirm the response format when backend is ready
-    if (response.recaptchaConfig === undefined) {
-      throw new Error('recaptchaConfig undefined');
-    }
-    const config = response.recaptchaConfig;
-    if (this.tenantId) {
-      this._tenantRecaptchaConfigs[this.tenantId] = config;
-    } else {
+
+    const config = new RecaptchaConfig(response);
+    if (this.tenantId == null) {
       this._agentRecaptchaConfig = config;
+    } else {
+      this._tenantRecaptchaConfigs[this.tenantId] = config;
     }
+
     if (config.emailPasswordEnabled) {
       const verifier = new RecaptchaEnterpriseVerifier(this);
       void verifier.verify();